package hudson.security.csrf;

import hudson.util.MultipartFormDataParser;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import jenkins.util.SystemProperties;
import org.apache.http.client.methods.HttpPost;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.ForwardToView;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.springframework.security.authentication.AnonymousAuthenticationToken;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.450-rc34738.d09a_e8c7b_b_90.jar:hudson/security/csrf/CrumbFilter.class */
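/**
 * Servlet filter that enforces CSRF crumb validation on POST requests.
 *
 * <p>When a {@link CrumbIssuer} is configured, every HTTP POST must either be claimed by a
 * registered {@link CrumbExclusion} or carry a crumb that the issuer accepts. Anything else is
 * answered with 403. Requests using any other HTTP method are forwarded without a crumb check,
 * so state-changing handlers must not be reachable through non-POST methods.
 */
public class CrumbFilter implements Filter {
    /**
     * Escape hatch read once at class-load time from the system property
     * {@code <CrumbFilter class name>.UNPROCESSED_PATHINFO}.
     *
     * <p>When {@code true}, {@link CrumbExclusion}s receive the container's request unchanged
     * instead of the {@link Security1774ServletRequest} wrapper, i.e. the path canonicalisation
     * below is skipped. Leave it unset unless a compatibility problem forces it.
     */
    static boolean UNPROCESSED_PATHINFO = SystemProperties.getBoolean(CrumbFilter.class.getName() + ".UNPROCESSED_PATHINFO");
    private static final Logger LOGGER = Logger.getLogger(CrumbFilter.class.getName());

    /** Sends clients that failed a POST requirement to the {@code retry} view of this class. */
    @Restricted({NoExternalUse.class})
    public static class ErrorCustomizer implements RequirePOST.ErrorCustomizer {
        @Override // org.kohsuke.stapler.interceptor.RequirePOST.ErrorCustomizer
        public ForwardToView getForwardView() {
            return new ForwardToView(CrumbFilter.class, "retry");
        }
    }

    /**
     * Request wrapper handed to {@link CrumbExclusion}s so that they match against a canonical
     * path rather than whatever path info the container reports.
     *
     * <p>NOTE(review): the class name presumably refers to the SECURITY-1774 advisory - confirm.
     * The path is derived from the raw request URI; no percent-decoding is performed in this
     * class, so exclusions should still match conservatively (exact prefixes, no loose patterns).
     */
    private static class Security1774ServletRequest extends HttpServletRequestWrapper {
        Security1774ServletRequest(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        /**
         * Returns the request URI with the context path stripped and {@code .}, {@code ..} and
         * repeated-slash segments resolved. Unlike the servlet default this never returns null.
         */
        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public String getPathInfo() {
            return canonicalPath(getRequestURI().substring(getContextPath().length()));
        }

        /**
         * Collapses runs of slashes and resolves {@code .} / {@code ..} segments.
         *
         * <p>A {@code ..} with nothing left to pop is dropped, so the result can never climb
         * above the root. A leading slash and a trailing slash of the input are preserved.
         *
         * @param str path to canonicalise
         * @return the canonical form of {@code str}
         */
        private static String canonicalPath(String str) {
            // Used as a stack: every element already in the list is a plain, resolved segment.
            ArrayList<String> segments = new ArrayList<>();
            for (String segment : str.split("/+")) {
                if (segment.isEmpty() || segment.equals(".")) {
                    continue;
                }
                if (segment.equals("..")) {
                    if (!segments.isEmpty()) {
                        segments.remove(segments.size() - 1);
                    }
                    continue;
                }
                segments.add(segment);
            }

            StringBuilder sb = new StringBuilder();
            if (str.startsWith("/")) {
                sb.append('/');
            }
            sb.append(String.join("/", segments));
            // Keep the trailing slash, but do not double it when the result is just "/".
            if (str.endsWith("/") && (sb.length() == 0 || sb.charAt(sb.length() - 1) != '/')) {
                sb.append('/');
            }
            return sb.toString();
        }
    }

    /**
     * Looks up the crumb issuer of the running Jenkins instance.
     *
     * @return the configured issuer, or {@code null} when no Jenkins instance is available or
     *     the instance returns no issuer; {@link #doFilter} then performs no crumb check
     */
    public CrumbIssuer getCrumbIssuer() {
        Jenkins instanceOrNull = Jenkins.getInstanceOrNull();
        if (instanceOrNull == null) {
            return null;
        }
        return instanceOrNull.getCrumbIssuer();
    }

    /** No initialisation is needed. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Applies the crumb check to POST requests.
     *
     * <p>Order of decisions: (1) no issuer or not an HTTP request: pass through; (2) method is
     * not POST: pass through; (3) a {@link CrumbExclusion} reports that it processed the
     * request: stop here; (4) a crumb found in the request validates: pass through; (5)
     * otherwise respond with 403.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remainder of the filter chain
     * @throws IOException propagated from the chain or from sending the error
     * @throws ServletException propagated from the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        CrumbIssuer crumbIssuer = getCrumbIssuer();
        if (crumbIssuer == null || !(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!HttpPost.METHOD_NAME.equals(httpServletRequest.getMethod())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Exclusions decide on the canonical path unless the escape hatch is switched on.
        HttpServletRequest exclusionRequest = UNPROCESSED_PATHINFO ? httpServletRequest : new Security1774ServletRequest(httpServletRequest);
        for (CrumbExclusion exclusion : CrumbExclusion.all()) {
            if (exclusion.process(exclusionRequest, httpServletResponse, filterChain)) {
                return;
            }
        }

        String crumbRequestField = crumbIssuer.getDescriptor2().getCrumbRequestField();
        String crumbSalt = crumbIssuer.getDescriptor2().getCrumbSalt();

        String crumb = extractCrumbFromRequest(httpServletRequest, crumbRequestField);
        if (crumb == null) {
            // Fall back to the ".crumb" field name. The result of this lookup used to be
            // discarded, which made the fallback a no-op; the value is still subject to the
            // same validateCrumb() check below, so accepting it does not relax validation.
            crumb = extractCrumbFromRequest(httpServletRequest, ".crumb");
        }

        // Anonymous traffic is logged quietly so unauthenticated probing does not flood the log.
        Level level = Jenkins.getAuthentication2() instanceof AnonymousAuthenticationToken ? Level.FINE : Level.WARNING;

        boolean valid = false;
        if (crumb != null) {
            if (crumbIssuer.validateCrumb(httpServletRequest, crumbSalt, crumb)) {
                valid = true;
            } else {
                // NOTE(review): the rejected crumb is request-controlled text written to the log;
                // confirm the configured log handlers neutralise line breaks.
                LOGGER.log(level, "Found invalid crumb {0}. If you are calling this URL with a script, please use the API Token instead. More information: https://www.jenkins.io/redirect/crumb-cannot-be-used-for-script", crumb);
            }
        }

        if (valid) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            LOGGER.log(level, "No valid crumb was included in request for {0} by {1}. Returning {2}.", new Object[]{httpServletRequest.getRequestURI(), Jenkins.getAuthentication2().getName(), HttpServletResponse.SC_FORBIDDEN});
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid crumb was included in the request");
        }
    }

    /**
     * Reads the crumb from the request, preferring the header over a request parameter.
     *
     * @param httpServletRequest request to inspect
     * @param str header / parameter name that carries the crumb
     * @return the crumb value, or {@code null} when neither a header nor a parameter of that
     *     name is present
     */
    private String extractCrumbFromRequest(HttpServletRequest httpServletRequest, String str) {
        String fromHeader = httpServletRequest.getHeader(str);
        if (fromHeader != null) {
            return fromHeader;
        }
        Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String parameterName = parameterNames.nextElement();
            if (str.equals(parameterName)) {
                return httpServletRequest.getParameter(parameterName);
            }
        }
        return null;
    }

    /**
     * Tells whether the request's content type denotes a multipart form.
     *
     * @param httpServletRequest request to inspect, may be {@code null}
     * @return {@code false} for a {@code null} request, otherwise the verdict of
     *     {@link MultipartFormDataParser#isMultiPartForm(String)}
     */
    protected static boolean isMultipart(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return false;
        }
        return MultipartFormDataParser.isMultiPartForm(httpServletRequest.getContentType());
    }

    /** Nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }
}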
